Merge pull request #11 from tyshkor/develop

Caller check
ferrumnet · Jun 13, 2023 · 1c8e538 · 1c8e538
2 parents adb3897 + 003c1f5
commit 1c8e538
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 0 deletions.
diff --git a/contract/src/bridge_pool_contract.rs b/contract/src/bridge_pool_contract.rs
@@ -147,6 +147,7 @@ pub trait BridgePoolContract<Storage: ContractStorage>: ContractContext<Storage>
 
     // outer function to withdraw liquidity from the pool securely
     #[allow(clippy::too_many_arguments)]
+    #[inline(always)]
     fn withdraw_signed(
         &mut self,
         token_address: String,
@@ -156,10 +157,20 @@ pub trait BridgePoolContract<Storage: ContractStorage>: ContractContext<Storage>
         salt: String,
         receiver: String,
         signature: String,
+        caller: String,
     ) -> Result<(), Error> {
         let actor = detail::get_immediate_caller_address()
             .unwrap_or_revert_with(Error::ImmediateCallerFail);
 
+        let client_address = detail::get_immediate_caller_address()
+            .unwrap_or_revert_with(Error::ImmediateCallerFail);
+
+        let client_address_string: String = client_address.try_into()?;
+
+        if caller != client_address_string {
+            return Err(Error::WrongCaller);
+        }
+
         let token = ContractPackageHash::from_formatted_str(token_address.as_str())
             .map_err(|_| Error::NotContractPackageHash)?;
 
@@ -179,6 +190,7 @@ pub trait BridgePoolContract<Storage: ContractStorage>: ContractContext<Storage>
                     payee.as_bytes(),
                     amount.to_string().as_bytes(),
                     receiver.as_bytes(),
+                    caller.as_bytes(),
                     &chain_id.to_be_bytes(),
                     &salt,
                 ]

diff --git a/contract/src/error.rs b/contract/src/error.rs
@@ -45,6 +45,7 @@ pub enum Error {
     ImmediateCallerFail = 40,
     SignerWrongFormat = 41,
     MessageHashNotEqualToGenerated = 42,
+    WrongCaller = 43,
 }
 
 impl From<Error> for ApiError {

diff --git a/contract/src/main.rs b/contract/src/main.rs
@@ -53,6 +53,7 @@ const SALT: &str = "salt";
 const SIGNATURE: &str = "signature";
 const CHAIN_ID: &str = "chain_id";
 const TOKEN_RECIPIENT: &str = "token_recipient";
+const CALLER: &str = "caller";
 
 const CONSTRUCTOR_GROUP: &str = "constructor_group";
 const ADMIN_GROUP: &str = "admin_group";
@@ -164,6 +165,7 @@ pub extern "C" fn withdraw_signed() {
     let salt = runtime::get_named_arg::<String>(SALT);
     let signature = runtime::get_named_arg::<String>(SIGNATURE);
     let token_recipient = runtime::get_named_arg::<String>(TOKEN_RECIPIENT);
+    let caller = runtime::get_named_arg::<String>(CALLER);
     #[allow(clippy::let_unit_value)]
     let ret = Contract::default()
         .withdraw_signed(
@@ -174,6 +176,7 @@ pub extern "C" fn withdraw_signed() {
             salt,
             token_recipient,
             signature,
+            caller,
         )
         .unwrap_or_revert();
     runtime::ret(CLValue::from_t(ret).unwrap_or_revert());
@@ -288,6 +291,7 @@ pub extern "C" fn call() {
             Parameter::new(SALT, String::cl_type()),
             Parameter::new(SIGNATURE, String::cl_type()),
             Parameter::new(TOKEN_RECIPIENT, String::cl_type()),
+            Parameter::new(CALLER, String::cl_type()),
         ],
         CLType::Unit,
         EntryPointAccess::Public,

diff --git a/tests/src/integration_tests.rs b/tests/src/integration_tests.rs
@@ -832,10 +832,13 @@ mod tests {
             .try_into()
             .unwrap();
 
+        let caller: String = (*DEFAULT_ACCOUNT_ADDR).to_string();
+
         let message_hash = contract_utils::keccak::message_hash(
             erc20_contract_package_hash_string.clone(),
             payee.clone(),
             amount.to_string(),
+            caller.clone(),
             chain_id,
             salt_array,
             token_recipient.clone(),
@@ -915,6 +918,7 @@ mod tests {
             "salt" => salt_string,
             "signature" => signature_string,
             "token_recipient" => token_recipient,
+            "caller" => caller,
         };
 
         let withdraw_signed_request = ExecuteRequestBuilder::contract_call_by_hash(

diff --git a/utils/contract-utils/src/keccak.rs b/utils/contract-utils/src/keccak.rs
@@ -44,6 +44,7 @@ pub fn message_hash(
     token_contract_package_hash: String,
     payee: String,
     amount: String,
+    caller: String,
     chain_id: u64,
     salt: [u8; 32],
     token_recipient: String,
@@ -54,6 +55,7 @@ pub fn message_hash(
         payee.as_bytes(),
         amount.as_bytes(),
         token_recipient.as_bytes(),
+        caller.as_bytes(),
         &chain_id.to_be_bytes(),
         &salt,
     ]